Election Security Threats & Vulnerabilities Cheat Sheet
Equip Yourself With Knowledge: Compromises, Attack Vectors, & Risks
This reference “cheat sheet” is intended to provide the general public with a list of informational resources related to known vulnerabilities in election machinery used to manage registered voters and cast/count votes in American elections.
If you have a suggestion for credible resources that you think should be added, please leave the name and link in the comments of this Substack.
Note: All links to non-video materials are archived. If an article is paywalled, try the archived link.
Articles and Papers
Top Resources
U.S. Senate Select Committee on Intelligence Russian Interference in the 2016 U.S. Election Expert Testimony (archived)
2016 | Professor Dr. J. Alex Halderman, Professor of Computer Science & Engineering, University of Michigan.
Excerpt:
“Both optical scanners and [direct-record electronic] voting machines are computers. Under the hood, they’re not so different from your laptop or smartphone, although they tend to use much older technology—sometimes decades out of date. Fundamentally, they suffer from security weaknesses similar to those of other computer devices. I know because I’ve developed ways to attack many of them myself as part of my research into election security threats. [...]
Cybersecurity experts have studied a wide range of U.S. voting machines—including both DREs and optical scanners—and in every single case, they’ve found severe vulnerabilities that would allow attackers to sabotage machines and to alter votes. That’s why there is overwhelming consensus in the cybersecurity and election integrity research communities that our elections are at risk.”
-
Harper’s Magazine | How To Rig An Election (not yet archived)
2012 | Victoria Collier
Excerpt:
“But as the twentieth century came to a close, a brave new world of election rigging emerged, on a scale that might have prompted Huey Long’s stunned admiration. Tracing the sea changes in our electoral process, we see that two major events have paved the way for this lethal form of election manipulation: the mass adoption of computerized voting technology, and the outsourcing of our elections to a handful of corporations that operate in the shadows, with little oversight or accountability.
This privatization of our elections has occurred without public knowledge or consent, leading to one of the most dangerous and least understood crises in the history of American democracy. We have actually lost the ability to verify election results.”
-
How trustworthy are electronic voting systems in the US? (archived)
2015 | Beth Clarkson
Excerpt:
“My statistical analysis shows patterns indicative of vote manipulation in machines. The manipulation is relatively small, compared with the inherent variability of election results, but it is consistent. These results form a pattern that goes across the nation and back a number of election cycles. I’ve downloaded data and verified the results from several states for myself. Furthermore, the manipulation is not limited to a single powerful operator.”
-
The Genesis of America’s Corrupted Computerized Election System (not yet archived)
2018 | Jennifer Cohn
Description:
A comprehensive article that includes over 200 cited sources tying key pieces of information together to demonstrate how computerized election systems are used for election fraud in the U.S..
-
Verified Voting | November 2024 | Manufacturers
Description:
Map and data showing that in November 2024, 70% of American votes were cast and counted by two brands of machines.
-
Ballotpedia
Description:
A digital encyclopedia of American elections. Includes state-specific information and citations about recount and audit windows.
Combatting U.S. Election Security Myths
Myth: “It’s Impossible to Hack Into U.S. Election Systems”
Russia Targeted Election Systems in All 50 States, Report Finds (archive)
2019 | New York Times | David E. Sanger and Catie Edmondson
Excerpt:
“The Senate Intelligence Committee concluded Thursday that election systems in all 50 states were targeted by Russia in 2016, an effort more far-reaching than previously acknowledged and one largely undetected by the states and federal officials at the time.”
-
Myth: “Election Machinery Isn’t Connected To The Internet”
Swing State Voting Systems Were Left Connected to the Internet for Months, Report Says (archived)
2019 | Fortune | David Z. Morris
-
Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials (archived)
2019 | Vice | Kim Zetter
-
Election commission orders top voting machine vendor to correct misleading claims (not yet archived)
2020 | Politico/Yahoo News | Kim Zetter
Conflicts of Interest/Machine Company Ownership
Republicans Have a Friend in the Company That Counts Their Votes (archived)
2020 | Alison Greene
Description:
The DC Report says it found “a revolving door” between government officials and the voting systems giant. A number of ES&S executives and lobbyists have ties to top Republican election officials and politicians.
-
New allegations against Smartmatic executive in company’s voting machine contract with LA county (archived)
2025 | Kim Zetter
Excerpt:
“U.S. government is seeking to show a pattern of corruption among Smartmatic executives that allegedly involved bribes and money laundering, new court filing shows.”
-
How voting machine lobbyists undermine the democratic process (archived)|
2019 | The New Yorker | Sue Halpern
Excerpt:
“In addition, since 2013, E.S. & S. has donated more than thirty thousand dollars to the Republican State Leadership Committee, a group that, in her book “Dark Money,” the New Yorker writer Jane Mayer calls “a catch-all bank account for corporations interested in influencing state laws.” Last year, Trump successfully nominated Donald Palmer, who, as a former state-election director in Florida and Virginia, was a member of the E.S. & S. advisory board, to be a commissioner at the U.S. Election Assistance Commission, the federal organization that oversees certification of election equipment.”
-
The Market for Voting Machines Is Broken. This Company Has Thrived in It (archived)
2019 | Pro Publica | Jessica Huseman
Description:
Half the country votes on machines made by ES&S. Many experts and election officials say the manufacturer remains dominant because there’s little government regulation and almost no oversight.
Resources Related to a Specific Election
Letter to Vice President Harris from Computer Security Experts (archived)
2024 | Free Speech For People
Description:
A group of computer security experts have written to Vice President Kamala Harris to alert her to the fact that voting systems were breached in 2021 and 2022 and urge her to seek recounts in key states to ensure election verification.
-
Verified Voting | November 2024 | Manufacturers
Description:
Map and data showing that in November 2024, 70% of American votes were cast and counted by two brands of machines.
-
U.S. Senate Select Committee on Intelligence Russian Interference in the 2016 U.S. Election (archived)
Volumes 1-5 | Senate Select Committee on Intelligence
Description:
A report by the U.S. Senate Select Committee on Intelligence on Russian active measures campaigns and interference in the 2016 U.S. election, detailing activities spanning multiple years by the Russian government directed against U.S. election infrastructure at the state and local levels.
-
Questions for the Record | Senate Select Committee on Intelligence (archive)
Jeanette Manfra, Acting Director of Undersecretary, National Protection and Programs Directorate U.S. Department of Homeland Security
Excerpt:
“While not a definitive source in identifying individual activity attributed to Russian government cyber actors, the Department of Homeland Security (DHS) is aware of Internet-connected election-related networks, including websites, in at least 21 states that were potentially targeted by Russian government cyber actors.”
-
Don’t Just Trust, Always Verify - The Status of Post-Election Auditing in the Presidential Swing States (archived)
2025 | Free Speech For People
Description:
A report co-authored by Susan Greenhalgh, Senior Advisor on Election Security for Free Speech For People, and Dr. David Jefferson, a nationally-recognized computer scientist, examined the post-election audits conducted in 2024 in seven swing states in order to consider if the audits provided strong evidence to affirm the computer generated election results. The report found that in most states the audits are insufficient, inadequately documented, and/or untimely, and are unable to provide strong evidence of the correctness of election outcomes. Though most audits were found to be lacking, the report states that, in itself, this does not indicate or suggest the election results were manipulated.
-
Republican Primary Election 2012 Results: Amazing Statistical Anomalies
2012 | Francois Choquette and James Johnson
Excerpt:
“Our primary observation in this paper is that a particular candidate [in these primaries] almost always gains a higher percentage of votes in precincts with higher vote counts. [...] We have sought, but have not yet found[,] concluding factors such as demographics that would justify a particular candidate’s higher success in precincts with a higher vote tally.”
Technical Resources
Security Analysis of the Diebold AccuVote-TS Voting Machine (archived)
2007 | Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten
Abstract:
“This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks.
-
Security Analysis of Georgia’s ImageCast X Ballot Marking Devices (archived)
2021 | Prof. J. Alex Halderman
Description:
Expert Report Submitted on Behalf of Plaintiffs Donna Curling, et al. Curling v. Raffensperger, Civil Action No. 1:17-CV-2989-AT U.S. District Court for the Northern District of Georgia, Atlanta Division
-
Vulnerabilities Affecting Dominion Voting Systems ImageCast X (archived)
Updated 2022 | Cybersecurity and Infrastructure Security Agency
Summary:
“This advisory identifies vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. The ImageCast X can be configured to allow a voter to produce a paper record or to record votes electronically. While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections.
Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices. Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems. Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities.”
Non-U.S./International
Note: We are particularly interested in receiving non-U.S./international resources regarding digitized election infrastructure from our international audience, including non-English language resources. Please leave any gems in the comments!
Germany:
Electronic Voting Banned in Germany (archived)
E. John Sebes | Oset Institute
-
Use of voting computers in 2005 Bundestag election unconstitutional (archived)
2009 | Bundesverfassungsgericht
Videos
Why Electronic Voting Is Still A Bad Idea
Tom Scott | YouTube
Description:
We still shouldn’t be using electronic voting. Here’s why.
-
Kill Chain: The Cyber War on America’s Elections
Description:
This documentary takes a deep dive into the weaknesses of today’s election technology, investigating the startling vulnerabilities in America’s voting systems and the alarming risks they pose to our democracy. It follows Finnish hacker and cyber security expert Harri Hursti as he travels around the world and across the U.S. to show how our election systems remain dangerously unprotected.
[This is a link to the trailer; watch the film on whatever streaming service is offering it.]
-
Kill Chain | Excerpt | Voting Machine Hacking - Election Security - C-Span3
YouTube
Description:
Excerpt from the documentary ‘Kill Chain’ showing U.S. elected officials commenting on the weaknesses in U.S. election machinery.
-
We watched hackers break into voting machines
2017 | CNN
Description:
At the DEF CON hacking conference, hackers were invited to try their hand at infiltrating the technology we rely on every election, including voting machines and a mock elections office. CNNTech’s Laurie Segall reports.
-
I Hacked an Election. So Can the Russians.
2018 | New York Times
Excerpt:
“It’s time America’s leaders got serious about voting security.”
-
Risk-Limiting Audits (00:51:40)
2025 | Professor Phillip Stark | Def Con
Description:
Inventor of the risk-limiting audit (RLA) highlights what an RLA does, what it doesn’t do, and claims that no states are performing RLAs to the recommended standard.
Thank you for reading! We hope these resources are useful. If you want to support our work, please consider donating via our website or upgrading to a paid subscription right here on Substack.
Thanks for pulling this together. Please consider adding the following analysis of the 2020 election (not paywalled): https://codered2014.com/wp-content/uploads/2023/11/TheRealSteal-IntroAnalysisCombinedUpdated-js8_WWW-2.pdf (“The Real Steal? Election Forensics and the 2020 Election”), of which I am the author.
I’d also suggest the Dorothy Fadiman film “Stealing America: Vote by Vote,” which focuses on the 2004 election and gives some grounding for just how long this issue has been ignored.
My book “CODE RED: Computerized Elections and the War on American Democracy” also would be of value. It looks like all the resources are available without charge so, if you are interested in adding CODE RED, I can provide a link to a pdf version. Thanks. jonathan.simon@whowhatwhy.org
PS - You might also wish to add an Electoral “Devil’s Dictionary” I put together, with helpful definitions and explanations of our terminology: https://whowhatwhy.org/politics/elections/the-electoral-devils-dictionary-a-glossary-of-terms-the-pundits-kick-around/.